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Abstract 

We describe how we connected three programs that compute Grobner bases UJ to Coq ifTTI . to 
do automated proofs on algebraic, geometrical and arithmetical expressions. The result is a set of 
Coq tactics and a certificate mechanism[J. 

The programs are: F4 [SJ, GB |4|, and gbcoq 1 10|. F4 and GB are the fastest (up to our knowl- 
^^ edge) available programs that compute Grobner bases. Gbcoq is slow in general but is proved to be 

*vj . correct (in Coq), and we adapted it to our specific problem to be efficient. The automated proofs 

concern equalities and non-equalities on polynomials with coefficients and indeterminates in R or Z, 
and are done by reducing to Grobner computation, via Hilbert's Nullstellensatz. We adapted also the 
results of |7|, to allow to prove some theorems about modular arithmetics. The connection between 
Coq and the programs that compute Grobner bases is done using the "external" tactic of Coq that 
^N ■ allows to call arbitrary programs accepting xml inputs and outputs. We also produce certificates in 

order to make the proof scripts independant from the external programs. 

u 
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1 Introduction 



Proof assistants contain now more and more automatic procedures that generate proofs in specific do- 
mains. In the Coq system, several tactics exist, for example the omega tactic which proves inequalities 
I> I between linear expressions with integer variables, the f ourier tactic which does the same thing with 

real numbers, the ring and field tactic, which proves equalities between expressions in a ring or a 
\^ . field, the sos tactic which proves some inequalities on real polynomials. We describe here a new tactic, 

cn I called gb, which proves (non-)equalities in rings using other (non-)equalities as hypotheses. For example 

C^ ■ yxy:R,x^+xy = 0, y^ +xy = ^ x + y = 0,oryx: R,x^ ^ 1 ^a;/ 1. 

This tactic uses external efficient programs that compute Grobner bases, and their result to produce 
a proof and a certificate. 

We wrote such a tactic several years ago f9l, but using only the gbcoq program, which were rather 
slow. So the tactic remained experimental and was not included in the Coq system. There are also similar 
tactics in other proof systems: in hol-light, John Harrison wrote a program that computes Grobner bases 
C^ I to prove polynomial equalities, specially in arithmetics Q. This program was adapted in Isabelle by 

Amine Chaieb and Makarius Wenzel for the same task [2]. We show on examples that our tactic is faster. 
This paper is organized as follow. In section 2 we explain the mathematical method we use to reduce 
the problem to Grobner bases computations. In section 3 we detail the tactic and the way it builds a 
proof in Coq. In section 4 we show how we connected Coq to the specialized programs that computes 
Grobner bases. Section 5 details the complete tactics that proves also non-equalities, and section 6 shows 
how to produce certificates and then save time in the proof script. In section 7 we give some examples 
of utilisations of the tactic in algebra, geometry and arithmetics, with comparisons with hol-light[6J . 
Section 8 contains the conclusion and perpectives of this work. 

2 Hilbert Nullstellensatz 

Hilbert Nullstellensatz shows how to reduce proofs of equalities on polynomials to algebraic computa- 
tions (see for example l3l for the notions introduced in this section). 
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It is easy to see that if a polynomial P in K\Ky,. . . ,X„] verifies P^ = Yfi=\ QiPi^ with r a positive 
integer, Qi and Pi also in K[Xi,. . . ,X„], then P is zero whenever polynomials Pi, ...,Pj, are zero. 

Then we can reduce the proof of Pi = 0, . . . ,Pi = => P = to find Qi,-- ■ ,Qs and r such that 

P'' = ZiQiPi- 

The converse is also true when K is algebraically closed: this is the Hilbert NuUstellensatz. In this 
case, the method is complete. 

Finding P*" = ^, 2,P, can be done using Grobner bases, as we will explain now. 

Recall that an ideal J^ of a ring is an additive sub-group of the ring such that ax G ^ whenever 
a G =y. The ideal generated by a family of polynomials is the set of all linear combinations of these 
polynomials (with polynomial coefficients). 

A Grobner basis of an ideal is a set of polynomials of the ideal such that their head monomials 
(relative to a choosen order on monomials, e.g. lexicographic order, or degree order) generates the ideal 
of head monomials of all polynomials in the ideal. The main property of a Grobner basis is that it 
provides a test for the membership to the ideal: a polynomial is in the ideal iff its euclidian division 
by the polynomials of the basis gives a zero remainder. The division process is a generalisation of the 
division of polynomials in one variable: to divide a polynomial P by a polynomial aX" — 2 we write 
P = aX'^S + T where T contains no monomial that is multiple of X". Then change P with QS+ T and 
repeat divison. The last non zero T is the remainder of the division. To divide a polynomial by a family 
of polynomials, we repeat this process with each polynomial of the family. In general, the remainder 
depends on the order we use the polynomials of the family. But with a Grobner basis, this remainder is 
unique (this is a characteristic property of Grobner basis). 

2.1 Method 1: how to find 2i , . . . , 2, such that 1 = E, QiPi 

Compute a Grobner base of the polynomials {?P,- — e,-, eiej, eit}jj (where t,ei,...,es are, new variables) 
with an order such that t >Xi> e,. 

Suppose that, in this basis, there is a polynomial of the form t — E, 2,e,. This polynomial is then in 
the ideal generated by {tPj — e,-, e,ey, eit}ij, so is a linear combination of these polynomials: 

t-'LiQiei = Lihi{tPi-ei) + 'EijgijeiCj + Y.ikeit 

ei are formal variables, so we can substitute formally e,- with tPf, and we obtain t{\ —Y^iQiPi) = 

0+t\ZijgijPiPj + ZihPi). 

Then the coefficient of t in this equation must be zero: 1 — E, 2,P, = 0, and we are done. 
Note that the polynomials {eit, ejej} are not necessary, but their presence much speed up the com- 
putation of the Grobner basio 

2.2 Method 2: how to find 2i , . . . , 2, and r such that P' = L, QiPi 

Use the standard trick: search to write 1 = Y^i^iPi + ^{^ ~zP) {*), where z is a new variable. This can 
be done with the previous method. Suppose we succeed. Let r be the max degree in z of polynomials hi. 
Substitute formally z with 1/P, and multiply the equation (*) by P*". Then we obtain P'^ = ^, QiPt, as 
required, where Qi = P^'hi[z ^— 1/P] 

2.3 Completness 

It is easy to see that methods 1 and 2 are complete in the sense that if P'' = Y,i QiPi holds, there will find 
such an equation: 



thanks to Bernard Mourrain for this trick 
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• method 1: suppose 1 —Y^iQiPi = 0- Then t = Y^iQitPj, and t — Y^iQi^i = HiQiitPi — ^i)- Hence 
t — Y,i Qi^i belongs to the ideal of which we have computed a Grobner basis. Because of the order 
we have choosen on variables, this implies that there is a polynomial t — Y^ih^i iri the Grobner 
basis. 

• method 2: suppose P' = I,- 2,P,-. We have 1 -z'^P' = {\+zP + .. . +z''"ip''"i)(l -zP). Replacing 
P'" with I; QiP we obtain 1 = z'iZi QiPi) + {l+zP+...+ z'-^P'-^){l - zP). 

2.4 Example 

Take 7? =x + y, p\ =x^ +xy, p2=y^ + xy. With the previous method, the Grobner basis is: 

t - zyeQ - zxeo -z^ey- z^e2 - eo 
y^eo - x^eo + zyei - zxe2 -ei+e2 
yxeo + x^eo + zye2 + zxe2 - ^2 

xei —ye2 
eoe[,e],eoe2,e[e2,el 

we obtain r = 2, Qi = I, Q2 = 1, and then (x + y)'^ = 1 x (x^ +xy) + 1 x (3;^ +xy). Which proves 
thatx2+x3; = 0, y'^ +xy = ^x + y = 0. 

3 Proof in Coq 

Coq [111 is a proof assistant based on type theory, where we can interactively build proofs of goals, 
which are logical assertions of the form V//i : ri,...,V//„ : Tn,C{Hl,...,Hn). Using tactics, we can 
simplify the goal, while the system builds the corresponding piece of proof. 
Typically we will treate goals of the form: 



X 


Z 


y 


Z 


H 


x~2 + x*y = 


HO 


: y"2 + x*y = 



X + y = 

Here hypotheses are variables belonging in a ring or a field, and equalities between polynomials. 

We explain now how to compute and use the Nullstellensatz equation to build a proof of this goal 
in Coq. The steps are: syntaxification, Grobner basis computation, and building the proof from the 
Nullstellensatz equation. 

3.1 Syntaxification 

We begin by building polynomials from the three equations in this goal. This is done in the tactic 
language of Coq (LTAC, which is a meta-language for computing tactics and executing them) by first 
computing the list of variables: 

Iv = (cons y (cons x nil)) 

and the list of polynomials: 
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Ip = (cons (Add (Pow (Var 2) 2) (Mul (Var 2) (Var 1))) 

(cons (Add (Pow (Var 1) 2) (Mul (Var 2) (Var 1))) 

(cons (Sub (Add (Var 2) (Var 1)) (Const 1)) 
nil))) 

Variables are represented by their rank in the list of variables. Polynomials are elements of an in- 
ductive type, and we can recover the equations by interpreting them in Z with the list of variables. For 
example, 

(interpret (Add (Pow (Var 2) 2) (Mul (Var 2) (Var 1))) 
Iv) 

evaluates in x'2 + x * y. 

We used parts of the code of the sos|8| tactic, written by Laurent Thery. 

3.2 Calling Grobner basis computation 

We call the external program gb (see section 4) with the list of polynomials; here we choose the program 
F4 to compute Grobner basis: 

external "./gb" "jcf2" Ip 

The result is the term: 

(cons 
(Pow 
(Add 

(Add Zero 
(Mul 

(Add (Add Zero (Mul (Const 1) (Const 11))) 

(Mul (Const 1 1) (Pow (Var 1) 1))) (Const 11))) 
(Mul (Const 1 1) (Pow (Var 2) 1))) 
2) 
(cons (Const 1 1) (cons (Const 1 1) (cons (Const 1 1) nil)))) 

which has the structure 
(cons (Pow p d) (cons c Iq) ) 
such that the Nullstellensatz equation holds: 



gielq 



Here, we have lq = q\, qj, qi =q2 = ^ 



3.3 Building the proof from the Nullstellensatz equation 

After interpreting the polynomials qi and 172 in Z using the original list of variables, we get and prove 
easily the goal 

1* (x+y)~2=l* (x"2+x*y)+l* (y~2+x*y) 

by the ring tactic. 

To prove the original goal, it is now sufficient to rewrite x"2 + x * y and y"2 + x * ybyO, 
getting 1 * (x + y)"2 = 0, and, using a simple lemma, we get x + y = and we are done. 



Connecting Grobner bases programs with Coq Pottier 



4 Connecting F4, GB, and gbcoq to Coq 

Coq allows to call arbitrary external programs via a function called "external". It sends Coq terms in 
xml format (i.e. as tree) to the standard output of the external program, and gets its standard output (also 
in xml format) as a resulting Coq term. We use this function to compute a Grobner basis of a list of 
polynomials, via a single interface to three specialized programs: F4, GB, and gbcoq. This interface, 
called "gb" is written in ocaml. It translates the list of polynomials given as standard input in xml format 
in the format of the choosen program (F4, GB or gbcoq), call it with the good arguments, get its result 
(a Grobner basis, if no error occured), selects its useful information, translates it in xml and sends it as 
result to standard output. More precisely: 

• F4 is a C library, and has only an interface for Maple. We wrote a simple parser of polynomials to 
use it on command line, helped by J.C. Faugere. 

• GB is also written in C and has a command line interface, or accept inputs in a file; with a Maple- 
like syntax for polynomials. 

• Gbcoq is written in ocaml, so is integrated to gb. This program uses an Buchberger-like algorithm 
which has been extracted from Coq. So it is proven to be correct. We added recently an optimisa- 
tion which reduces drastically the time to compute Nullstellensatz equations: each time we add a 
new polynomial during the completion via the reduction of critical pairs, we divide the polynomial 
that we want to test if it is in the ideal, by the current family of polynomials. If this gives zero, 
then we stop:, and return the Nullstellensatz coefficients, deduced from the divisions we made. 
More we also try its powers (up to a parametrized limit). Then, when we have computed the whole 
Grobner basis, we can compute the Nullstellensatz coefficients, without having to verify that the 
remaining critical pairs reduce to zero. More, this is often the case that the polynomial reduces to 
zero with a partial Grobner basis! The time is sometimes divided by 1000 with such a technique, 
and always much reduced. Note that such an improvement cannot be made in a blackbox program 
such as the programs of JC Faugere, which are free but not opensource. 



5 The gbR and gbZ tactics in Coq 

We wrote two tactics: gbR for real numbers, gbZ for integers. The set of integer is not a field, but 
we can simulate computations in the field of rational numbers using only integers. In this case, the 
Nullstellensatz equation become cp'^ = Y^iqiPi, where c is an integer, and the qt have integer coefficients. 

We can allow negations of equations in the conclusion. For example xy = I ^ x^O. The trick is to 
replace x ^0 with x = ^ 1 = 0, which is equivalent to add a new equation in hypotheses, and replace 
the equation to prove with 1=0. 

In the case of real numbers, we can allow also negations of equations in hypotheses. For example 
x^ / 1 =^ X / 1. This can be done by introducing new variables, remarking that p^0<^3t,p*t = l. 
In the example, this gives t{x^ — \) = \ ^ x ^ \. The negation in conclusion can be removed and leads 
to ? (x^ — l) = l,x— 1=0^1=0, which is proven using the Nullstellensatz equation 1 = 1 x (f (x^ — 
l)-l) + (f + fx) X (x-1) 

Finally, the tactics use first the program F4. If it fails (for memory limits), then the tactics try GB. 
If it fails too, then the tactics uses gbcoq. We have also specialised tactics, allowing the user to choose 
which program to use, between F4, GB, and gbcoq. Indeed, experiments show that no one is better than 
others. 
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6 Certificates 

Once the Nullstellensatz equation is computed, we can change the proof script, replacing the tactic gb 
with a similar tactic, called "check_gb" which will not call external programs, but instead it will take as 
arguments all the components of the Nullstellensatz equation. So, next time we will execute the proof 
script, for compilation for example, it will not need external Grobner computatior(j. Let us give an 
example. Suppose we want to prove: 

Goal forall x y z:R, x"2+x*y=0 -> y"2+x*y=0 -> x+y=0. 

we execute the tactic gbR, which proves the goal, and prints these lines in the standard output of Coq: 

(* with JC.Faugere algorithm F4 *) 

gbR_begin; check_gbR 

(x + y - 0) 

(List. cons (x * (x * 1) + x * y) (List. cons (y * (y * 1) + x * y) List. nil)) 

(List. cons y (List. cons x List. nil)) 

(Iceq 
(Pow 
(Add 

(Add Zero 
(Mul 

(Add (Add Zero (Mul (Const 1) (Const 11))) 

(Mul (Const 1 1) (Pow (Var 1) 1))) (Const 11))) 
(Mul (Const 1 1) (Pow (Var 2) 1))) 2) 
(Iceq (Const 1 1) (Iceq (Const 1 1) (Iceq (Const 1 1) Inil)))) 

Then, we can replace the line calling gbR with these tactics lines, which contains no more than the 
components of the needed Nullstellensatz equation (x+ j)^ = 1 x (x^ +xy) + 1 x {y'^+xy), and then need 
much less time to evaluate, because it doesn't need Grobner basis computation. 

7 Examples 

In this section we give several examples of use of the tactics gbR and gbR. 

7.1 Algebra 

The following examples uses the symetric expressions of coefficients with roots of a polynomial. 

First in degree 3: ii x,y,z are the three complex roots ofX^ + a*X^ + b*X + c then we have a = 

— {x + y + z), b =x*y + y*z + z*x, and c = —x*y*z- And then we can prove that x + j + z = 0=> 
x*y+y*z + z*x = 0^x*y*z = 0^x = 0, because then the polynomial becomes X^, and has only 
as a root. 

Require gbZ. 



thanks to Julien Narboux for this suggestion 
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Goal forall x y z:Z, 

x+y+z=0 -> x*y+y*z+z*x=0 -> x*y*z=0 -> x=0. 
gbZ. 
Qed. 

More complicated, the same thing in degrees 4 and 5: 

Goal forall x y z u:Z, 

x+y+z+u=0 -> 

x*y+y*z+z*u+u*x+x*z+u*y=0 -> 

x*y*z+y*z*u+z*u*x+u*x*y=0 -> 

x*y*z*u=0 -> x=0. 
gbZ. 
Qed. 

Goal forall x y z u v:Z, 

x+y+z+u+v=0 -> 

x*y+x*z+x*u+x*v+y*z+y*u+y*v+z*u+z*v+u*v=0-> 

x*y*z+x*y*u+x*y*v+x*z*u+x*z*v+x*u*v+y*z*u+y*z*v+y*u.*v+z*u.*v=0-> 

x*y*z*u+y*z*u*v+z*u*v*x+u*v*x*y+v*x*y*z=0 -> 

x*y*z*u*v=0 -> x~5=0. 
gbZ. 
Qed. 

Last example takes less than Is with F4 and GB, and gbcoq. With hol-light, it takes Is. 

7.2 Geometry 

Desargues theorem is too complicated to be proved with Grobner bases. But Pappus theorem can. We 
formalize in Coq the set of points in the real plane: 

Open Scope R_scope. 
Record point : Type: ={ 

X:R; 

Y:R}. 

Then we give two definitions of colinearity of three points (the theorem is false if we use only the 
second definition, because of degenerated configurations): 



Definition colinear(C A B:point):= 
exists a:R, 
(X C)=a*(X A)+(l-a)*(X B) /\ (Y C)=a*(Y A)+(l-a)*(Y B) 

Definition colinear2(A B C : point) := 
(X A)*(Y B)+(X B)*(Y C)+(X C)*(Y A) 
=(Y B)*(X C)+(Y C)*(X A)+(Y A)*(X B) . 
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Then we state and prove the Pappus theorem, in a specialized (but without lost of generahty) config- 
uration: 

Lemma pappus: forall ABCA' B' C DE F: point, 
(X A')=0 -> (X B')=0-> (X CO=0 -> 
(Y A)=0 -> (Y B)=0 -> (Y C) = -> 
colinear DAB' -> colinear DA' B -> 
colinear E A C -> colinear E A' C -> 
colinear F B C -> colinear F B' C -> 
colinear2 D E F. 

gbR_choice 2. 
Qed. 



In this example, F4 fails, GB takes 9s, and gbcoq takes 3s. We also tried hol-light with this example, 
which takes 77 s: 

./hoi 

prioritize_int () ; ; 

let tl = Unix.timeO ; ; 

int_ideal_cof actors 

[ ' XD - ( x4 * XA ) ' ; 

'YD -((&1 - x4) * YBl) ' ; 

'XD -( (&1 - x3) * XB) ' ; 

'YD - (x3 * YAl) '; 

' XE - x2 * XA ' ; 

'YE - (&1 - x2) * YCl' ; 

' XE - (&1 - xl) * XC ; 

' YE - xl * YAl' ; 

' XF - xO * XB ' ; 

' YF - (&1 - xO) * YCl' ; 

' XF - (&1 - x) * XC ; 

' YF - X * YBl'] 

' XD * YE + XE * YF + XF * YD - (YE * XF + YF * XD + YD * XE) ' ; ; 

Unix.time()-.tl; ; 

The general case of Pappus theorem is too complicated to compute. 

7.3 Arithmetics 

Following the idea of fTl, we can prove statements about coprimality, gcd and divisions. We have to do 
some work for that, because the tactic gbZ is not sufficient. But the problem is again an ideal membership 
one, then solvable by Grobner basis computation. We have written a tactic doing that, called gbarith. 
Here are examples of its use in Coq: 

8 
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Definition divides(a b:Z):= exists c:Z, b=c*a. 
Definition modulo(a b p:Z):= exists k:Z, a - b = k*p. 
Definition ideal(x a b:Z):= exists u:Z, exists v:Z, x = u*a+v*b. 
Definition gcd(g a b:Z):= divides g a /\ divides g b /\ ideal gab. 
Definition coprimeCa b:Z):= exists u:Z, exists v:Z, 1 = u*a+v*b. 

Goal forall a b c:Z, divides a (b*c) -> coprime a b -> divides a c. 

gbarith. 

Qed. 

Goal forall m n r:Z, divides m r -> divides n r -> coprime m n -> divides (m*n) r. 

gbarith. 

Qed. 

Goal forall x y a n:Z, modulo (x~2) a n -> modulo (y"2) a n -> divides n ((x+y)*(x-y)) 

gbarith. 

Qed. 

7.4 Computation times, comparison with hol-light 

Previous examples, and more we made, show that no one among F4, GB, gbcoq and is better than others, 
hol-light is sometimes better than F4 and GB, but gbcoq is much better than hol-light. The reason is 
simple: we often stop computations before obtaining a Grobner basis. 

8 Conclusion 

The "external" tactic of Coq is a very good tool to use efficient programs to produce proofs in specific 
domains. We have shown how to use efficient Grobner bases computations in this context. The use 
of certificates should be developped to reduce time of re-verification of proofs. The certificate can be 
written explicitely in the proof script, as we have shown here, but it could be stored in a cache. We have 
shown the interest of using external programs, but also their limits, as soon as it is impossible or difficult 
to adapt them to specific use of proof systems. We plan to investigate other decisions procedures, for 
example polynomial system solving, to produce new tactics in the same spirit. 

Acknowledgements: we thank anonymous referees for their suggestions on the redaction of this 
paper and bibhographical completions. 
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